Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Research by FaceTime Communications has found risky Internet activity by employees poses an increasing threat to network security for corporate enterprises.

While the number of unique malware instances was down last year when compared with the 2000 identified in 2005, FaceTime researchers warn todays malware is stealthier, more complex and harder to identify and defend against. According to an analysis of threats tracked or identified by FaceTime Security Labs, 1,224 unique threats on "greynet" applications— programs that network users download and install on their computers, usually without the knowledge of their IT department—were reported in the past year, with attacks over peer-to-peer networks increasing by 140 percent over 2005 levels and multichannel attacks jumping to 29 percent of all attacks in 2006 from 18 percent the prior year.

"The numbers alone dont tell the story," said Chris Boyd, director of malware research at FaceTime Security Labs, in a statement. "The sources of the most insidious threats we identified in 2006 are not the glory-hungry hackers of yesterday. These are cyber-criminals and click-fraud experts who are well-funded, extremely savvy, and their M.O. is to stay in the background and collect as much information as they can before moving on to the next target."

But the doorway to critical data is sometimes opened unwittingly by employees as they introduce greynet applications onto the corporate network without the sanction of their IT department, FaceTime officials said. According to the companys Second Annual Greynets Survey, 39 percent of users believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy, while 53 percent of users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.

Meanwhile, the study found 80 percent of IT managers are at locations that have experienced greynet-related attacks within the last six months.

"Despite myriad security technologies employed by enterprise IT managers to block malicious attacks, the user is often the biggest vulnerability, especially on the real-time, socially-networked Web" said Frank Cabri, vice president of marketing for FaceTime, in a statement. "In 2007, the biggest security risk for organizations is likely to be their own users, as employees install consumer-oriented greynet applications onto their workplace computer faster than the IT team can keep up with the corresponding controls."

The motive of the purveyors of malware is largely financial, with the major malware discoveries of 2006 all pointing toward botnets designed to gather personal or banking data for malicious means, FaceTime officials said.

Researchers also outlined some of the top security threats of 2006, including an incident in March when the "Carder" botnets—collectively representing up to 150,000 compromised computers—used a custom-built Perl script to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts and other personal information. The operators could potentially launch these scans from any computer on the botnet to mask their actual location, FaceTime officials said.

"It is more important to understand that, although major network disruptions dont seem to result from malware attacks propagated via IM, the sophistication, complexity and stealthy behavior of these threats make them far more dangerous, " Boyd said.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.